|
Pests of all kinds and how to fight them: Removing Heur:Exploit.java.cve-2012-1723.gen (Windows 7) |
22.03.2013, 10:58 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Removing Heur:Exploit.java.cve-2012-1723.gen As I mentioned at the beginning, the logs must always be posted, whether or not anything was found.
__________________ Please always post log files in CODE tags |
22.03.2013, 19:41 | #17 |
| Removing Heur:Exploit.java.cve-2012-1723.gen Hello!
__________________Here is the "log" from mbar: Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.21.12
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Ron :: RON-PC [administrator]
21.03.2013 19:41:22
mbar-log-2013-03-21 (19-41-22).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28877
Time elapsed: 14 minute(s), 29 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
Edited by dr.tschuna (22.03.2013 at 19:57) |
23.03.2013, 10:08 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Removing Heur:Exploit.java.cve-2012-1723.gen aswMBR
__________________Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop.
__________________ |
23.03.2013, 16:22 | #19 |
| Removing Heur:Exploit.java.cve-2012-1723.gen Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-23 14:38:44
-----------------------------
14:38:44.458 OS Version: Windows x64 6.0.6002 Service Pack 2
14:38:44.458 Number of processors: 4 586 0x1707
14:38:44.458 ComputerName: RON-PC UserName: Ron
14:39:14.309 Initialize success
14:43:21.118 AVAST engine defs: 13032301
14:43:26.797 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:43:26.797 Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 610480MB BusType: 8
14:43:26.797 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
14:43:26.797 Disk 1 Vendor: SAMSUNG_ 1AA0 Size: 610480MB BusType: 8
14:43:26.906 Disk 0 MBR read successfully
14:43:26.922 Disk 0 MBR scan
14:43:26.922 Disk 0 unknown MBR code
14:43:26.922 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 596303 MB offset 63
14:43:26.953 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14174 MB offset 1221229170
14:43:27.000 Disk 0 scanning C:\Windows\system32\drivers
14:43:37.951 Service scanning
14:43:57.685 Modules scanning
14:43:57.685 Disk 0 trace - called modules:
14:43:57.700 ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt67.sys iastor.sys hal.dll
14:43:57.716 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80064ab060]
14:43:57.716 3 CLASSPNP.SYS[fffffa60009d5c33] -> nt!IofCallDriver -> [0xfffffa80083e1110]
14:43:57.716 5 vsflt67.sys[fffffa60009817cd] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006168050]
14:44:05.672 AVAST engine scan C:\Windows
14:44:31.974 AVAST engine scan C:\Windows\system32
14:48:37.114 AVAST engine scan C:\Windows\system32\drivers
14:49:14.601 AVAST engine scan C:\Users\Ron
15:54:06.141 AVAST engine scan C:\ProgramData
16:05:29.998 Scan finished successfully
16:09:08.423 Disk 0 MBR has been saved successfully to "C:\Users\Ron\Desktop\MBR.dat"
16:09:08.439 The log file has been saved successfully to "C:\Users\Ron\Desktop\aswMBR.txt"
16:10:03.905 Disk 0 MBR has been saved successfully to "C:\Users\Ron\Desktop\MBR.dat"
16:10:03.905 The log file has been saved successfully to "C:\Users\Ron\Desktop\aswMBR.txt" |
23.03.2013, 16:23 | #20 |
| Removing Heur:Exploit.java.cve-2012-1723.gen Code:
5108 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys 16:14:26.0621 5108 arcsas - ok 16:14:26.0668 5108 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 16:14:26.0715 5108 AsyncMac - ok 16:14:26.0761 5108 [ 1898FAE8E07D97F2F6C2D5326C633FAC ] atapi C:\Windows\system32\drivers\atapi.sys 16:14:26.0777 5108 atapi - ok 16:14:26.0824 5108 [ 1A872AB76D00F52643BB0F81792BBF3B ] AtiHDAudioService C:\Windows\system32\drivers\AtihdLH6.sys 16:14:26.0855 5108 AtiHDAudioService - ok 16:14:26.0886 5108 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 16:14:26.0964 5108 AudioEndpointBuilder - ok 16:14:26.0964 5108 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll 16:14:27.0011 5108 AudioSrv - ok 16:14:27.0073 5108 [ 6C9D5BADC8F83D410A278717C2EEA6F6 ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe 16:14:27.0089 5108 AVP - ok 16:14:27.0151 5108 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll 16:14:27.0198 5108 BFE - ok 16:14:27.0245 5108 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll 16:14:27.0370 5108 BITS - ok 16:14:27.0385 5108 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 16:14:27.0463 5108 blbdrive - ok 16:14:27.0557 5108 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 16:14:27.0573 5108 Bonjour Service - ok 16:14:27.0651 5108 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 16:14:27.0713 5108 bowser - ok 16:14:27.0744 5108 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 16:14:27.0791 5108 BrFiltLo - ok 16:14:27.0822 5108 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 16:14:27.0869 5108 BrFiltUp - ok 16:14:27.0900 5108 [ A1B39DE453433B115B4EA69EE0343816 ] 
Browser C:\Windows\System32\browser.dll 16:14:27.0978 5108 Browser - ok 16:14:28.0025 5108 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys 16:14:28.0181 5108 Brserid - ok 16:14:28.0212 5108 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 16:14:28.0259 5108 BrSerWdm - ok 16:14:28.0275 5108 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 16:14:28.0384 5108 BrUsbMdm - ok 16:14:28.0384 5108 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 16:14:28.0477 5108 BrUsbSer - ok 16:14:28.0493 5108 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 16:14:28.0587 5108 BTHMODEM - ok 16:14:28.0633 5108 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 16:14:28.0711 5108 cdfs - ok 16:14:28.0743 5108 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 16:14:28.0789 5108 cdrom - ok 16:14:28.0852 5108 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll 16:14:28.0883 5108 CertPropSvc - ok 16:14:28.0899 5108 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys 16:14:28.0945 5108 circlass - ok 16:14:28.0961 5108 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys 16:14:29.0008 5108 CLFS - ok 16:14:29.0101 5108 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:14:29.0117 5108 clr_optimization_v2.0.50727_32 - ok 16:14:29.0195 5108 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 16:14:29.0211 5108 clr_optimization_v2.0.50727_64 - ok 16:14:29.0289 5108 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 16:14:29.0304 5108 
clr_optimization_v4.0.30319_32 - ok 16:14:29.0382 5108 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 16:14:29.0382 5108 clr_optimization_v4.0.30319_64 - ok 16:14:29.0398 5108 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys 16:14:29.0413 5108 cmdide - ok 16:14:29.0429 5108 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 16:14:29.0429 5108 Compbatt - ok 16:14:29.0445 5108 COMSysApp - ok 16:14:29.0445 5108 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 16:14:29.0460 5108 crcdisk - ok 16:14:29.0523 5108 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll 16:14:29.0585 5108 CryptSvc - ok 16:14:29.0647 5108 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll 16:14:29.0772 5108 DcomLaunch - ok 16:14:29.0819 5108 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 16:14:29.0881 5108 DfsC - ok 16:14:30.0006 5108 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe 16:14:30.0178 5108 DFSR - ok 16:14:30.0256 5108 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll 16:14:30.0318 5108 Dhcp - ok 16:14:30.0349 5108 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys 16:14:30.0365 5108 disk - ok 16:14:30.0427 5108 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 16:14:30.0474 5108 Dnscache - ok 16:14:30.0505 5108 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll 16:14:30.0552 5108 dot3svc - ok 16:14:30.0568 5108 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll 16:14:30.0630 5108 DPS - ok 16:14:30.0677 5108 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 16:14:30.0755 5108 drmkaud - ok 16:14:30.0802 5108 [ 
B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 16:14:30.0864 5108 DXGKrnl - ok 16:14:30.0911 5108 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys 16:14:30.0958 5108 E1G60 - ok 16:14:31.0005 5108 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll 16:14:31.0051 5108 EapHost - ok 16:14:31.0114 5108 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys 16:14:31.0129 5108 Ecache - ok 16:14:31.0176 5108 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe 16:14:31.0254 5108 ehRecvr - ok 16:14:31.0254 5108 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe 16:14:31.0317 5108 ehSched - ok 16:14:31.0348 5108 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll 16:14:31.0395 5108 ehstart - ok 16:14:31.0410 5108 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys 16:14:31.0441 5108 elxstor - ok 16:14:31.0488 5108 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll 16:14:31.0582 5108 EMDMgmt - ok 16:14:31.0597 5108 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys 16:14:31.0660 5108 ErrDev - ok 16:14:31.0691 5108 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll 16:14:31.0785 5108 EventSystem - ok 16:14:31.0816 5108 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys 16:14:31.0847 5108 exfat - ok 16:14:31.0847 5108 ezSharedSvc - ok 16:14:31.0878 5108 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys 16:14:31.0925 5108 fastfat - ok 16:14:31.0972 5108 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 16:14:32.0003 5108 fdc - ok 16:14:32.0019 5108 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll 16:14:32.0081 5108 fdPHost - ok 16:14:32.0112 5108 [ 
300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll 16:14:32.0190 5108 FDResPub - ok 16:14:32.0190 5108 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 16:14:32.0221 5108 FileInfo - ok 16:14:32.0237 5108 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys 16:14:32.0284 5108 Filetrace - ok 16:14:32.0315 5108 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 16:14:32.0362 5108 flpydisk - ok 16:14:32.0393 5108 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 16:14:32.0424 5108 FltMgr - ok 16:14:32.0487 5108 [ D4463A74E1BFBF3FB9B4FC6CF5390152 ] fltsrv C:\Windows\system32\DRIVERS\fltsrv.sys 16:14:32.0518 5108 fltsrv - ok 16:14:32.0611 5108 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll 16:14:32.0689 5108 FontCache - ok 16:14:32.0736 5108 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 16:14:32.0752 5108 FontCache3.0.0.0 - ok 16:14:32.0799 5108 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 16:14:32.0861 5108 Fs_Rec - ok 16:14:32.0877 5108 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 16:14:32.0892 5108 gagp30kx - ok 16:14:32.0939 5108 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 16:14:32.0970 5108 GEARAspiWDM - ok 16:14:33.0001 5108 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll 16:14:33.0095 5108 gpsvc - ok 16:14:33.0142 5108 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 16:14:33.0189 5108 HdAudAddService - ok 16:14:33.0220 5108 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 16:14:33.0329 5108 HDAudBus - ok 16:14:33.0345 5108 [ 
B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys 16:14:33.0407 5108 HidBth - ok 16:14:33.0438 5108 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys 16:14:33.0532 5108 HidIr - ok 16:14:33.0563 5108 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll 16:14:33.0625 5108 hidserv - ok 16:14:33.0657 5108 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 16:14:33.0703 5108 HidUsb - ok 16:14:33.0735 5108 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll 16:14:33.0797 5108 hkmsvc - ok 16:14:33.0859 5108 [ AA9EF0B395097F24D289F64445B2FD2E ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe 16:14:33.0891 5108 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning 16:14:33.0891 5108 HP Health Check Service - detected UnsignedFile.Multi.Generic (1) 16:14:33.0922 5108 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 16:14:33.0937 5108 HpCISSs - ok 16:14:33.0969 5108 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys 16:14:34.0031 5108 HTTP - ok 16:14:34.0062 5108 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys 16:14:34.0093 5108 i2omp - ok 16:14:34.0125 5108 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 16:14:34.0171 5108 i8042prt - ok 16:14:34.0249 5108 [ 1117AF8C53AA278A4C5B7EF1B00E08F4 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe 16:14:34.0265 5108 IAANTMON - ok 16:14:34.0312 5108 [ 5979854E6FDA990107E3170327022117 ] iaStor C:\Windows\system32\drivers\iastor.sys 16:14:34.0359 5108 iaStor - ok 16:14:34.0390 5108 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 16:14:34.0405 5108 iaStorV - ok 16:14:34.0468 5108 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files 
(x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 16:14:34.0499 5108 IDriverT ( UnsignedFile.Multi.Generic ) - warning 16:14:34.0499 5108 IDriverT - detected UnsignedFile.Multi.Generic (1) 16:14:34.0561 5108 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 16:14:34.0608 5108 idsvc - ok 16:14:34.0624 5108 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys 16:14:34.0639 5108 iirsp - ok 16:14:34.0671 5108 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll 16:14:34.0749 5108 IKEEXT - ok 16:14:34.0811 5108 [ DC64D46EF8ACE3BD1CEC3A4A61608D4E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 16:14:34.0889 5108 IntcAzAudAddService - ok 16:14:34.0920 5108 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys 16:14:34.0936 5108 intelide - ok 16:14:34.0951 5108 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 16:14:34.0983 5108 intelppm - ok 16:14:35.0014 5108 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 16:14:35.0045 5108 IPBusEnum - ok 16:14:35.0076 5108 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:14:35.0123 5108 IpFilterDriver - ok 16:14:35.0139 5108 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 16:14:35.0201 5108 iphlpsvc - ok 16:14:35.0217 5108 IpInIp - ok 16:14:35.0232 5108 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 16:14:35.0295 5108 IPMIDRV - ok 16:14:35.0326 5108 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 16:14:35.0388 5108 IPNAT - ok 16:14:35.0451 5108 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 16:14:35.0497 5108 iPod Service - ok 16:14:35.0497 5108 [ 8C42CA155343A2F11D29FECA67FAA88D ] 
IRENUM C:\Windows\system32\drivers\irenum.sys 16:14:35.0544 5108 IRENUM - ok 16:14:35.0591 5108 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys 16:14:35.0607 5108 isapnp - ok 16:14:35.0653 5108 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 16:14:35.0685 5108 iScsiPrt - ok 16:14:35.0700 5108 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 16:14:35.0716 5108 iteatapi - ok 16:14:35.0731 5108 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys 16:14:35.0747 5108 iteraid - ok 16:14:35.0763 5108 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 16:14:35.0778 5108 kbdclass - ok 16:14:35.0809 5108 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 16:14:35.0856 5108 kbdhid - ok 16:14:35.0903 5108 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe 16:14:35.0965 5108 KeyIso - ok 16:14:36.0028 5108 [ E656FE10D6D27794AFA08136685A69E8 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys 16:14:36.0059 5108 KL1 - ok 16:14:36.0075 5108 [ D865DD8B0448E3F963D68C04C532858F ] kl2 C:\Windows\system32\DRIVERS\kl2.sys 16:14:36.0090 5108 kl2 - ok 16:14:36.0121 5108 [ C7D4F357C482DD37E2B05F34093B7B0C ] KLIF C:\Windows\system32\DRIVERS\klif.sys 16:14:36.0153 5108 KLIF - ok 16:14:36.0184 5108 [ 89FB5A33D7171B6D84F5EB721D5055E1 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys 16:14:36.0199 5108 KLIM6 - ok 16:14:36.0215 5108 [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys 16:14:36.0231 5108 klmouflt - ok 16:14:36.0293 5108 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 16:14:36.0340 5108 KSecDD - ok 16:14:36.0371 5108 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 16:14:36.0418 5108 ksthunk - ok 16:14:36.0480 5108 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm 
C:\Windows\system32\msdtckrm.dll 16:14:36.0543 5108 KtmRm - ok 16:14:36.0574 5108 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll 16:14:36.0667 5108 LanmanServer - ok 16:14:36.0730 5108 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 16:14:36.0777 5108 LanmanWorkstation - ok 16:14:36.0792 5108 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 16:14:36.0839 5108 lltdio - ok 16:14:36.0855 5108 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll 16:14:36.0933 5108 lltdsvc - ok 16:14:36.0948 5108 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll 16:14:37.0011 5108 lmhosts - ok 16:14:37.0026 5108 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 16:14:37.0057 5108 LSI_FC - ok 16:14:37.0057 5108 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 16:14:37.0089 5108 LSI_SAS - ok 16:14:37.0104 5108 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 16:14:37.0120 5108 LSI_SCSI - ok 16:14:37.0151 5108 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys 16:14:37.0229 5108 luafv - ok 16:14:37.0245 5108 LVcKap64 - ok 16:14:37.0260 5108 LVPr2M64 - ok 16:14:37.0260 5108 LVRS64 - ok 16:14:37.0276 5108 LVUSBS64 - ok 16:14:37.0416 5108 [ 5747BC465ABEA2858C5D037252AED84E ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys 16:14:37.0635 5108 LVUVC64 - ok 16:14:37.0681 5108 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 16:14:37.0697 5108 MBAMProtector - ok 16:14:37.0728 5108 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 16:14:37.0744 5108 MBAMScheduler - ok 16:14:37.0775 5108 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 
16:14:37.0806 5108 MBAMService - ok 16:14:37.0837 5108 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 16:14:37.0884 5108 Mcx2Svc - ok 16:14:37.0931 5108 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys 16:14:37.0947 5108 megasas - ok 16:14:37.0993 5108 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys 16:14:38.0025 5108 MegaSR - ok 16:14:38.0056 5108 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll 16:14:38.0118 5108 MMCSS - ok 16:14:38.0149 5108 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys 16:14:38.0196 5108 Modem - ok 16:14:38.0243 5108 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 16:14:38.0290 5108 monitor - ok 16:14:38.0305 5108 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 16:14:38.0321 5108 mouclass - ok 16:14:38.0352 5108 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 16:14:38.0415 5108 mouhid - ok 16:14:38.0415 5108 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 16:14:38.0430 5108 MountMgr - ok 16:14:38.0461 5108 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys 16:14:38.0493 5108 mpio - ok 16:14:38.0508 5108 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 16:14:38.0555 5108 mpsdrv - ok 16:14:38.0602 5108 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll 16:14:38.0711 5108 MpsSvc - ok 16:14:38.0727 5108 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 16:14:38.0742 5108 Mraid35x - ok 16:14:38.0758 5108 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 16:14:38.0805 5108 MRxDAV - ok 16:14:38.0851 5108 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 
16:14:38.0914 5108 mrxsmb - ok 16:14:38.0945 5108 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:14:38.0976 5108 mrxsmb10 - ok 16:14:39.0007 5108 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:14:39.0023 5108 mrxsmb20 - ok 16:14:39.0039 5108 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys 16:14:39.0054 5108 msahci - ok 16:14:39.0070 5108 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys 16:14:39.0085 5108 msdsm - ok 16:14:39.0117 5108 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe 16:14:39.0148 5108 MSDTC - ok 16:14:39.0163 5108 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys 16:14:39.0210 5108 Msfs - ok 16:14:39.0257 5108 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 16:14:39.0273 5108 msisadrv - ok 16:14:39.0304 5108 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 16:14:39.0366 5108 MSiSCSI - ok 16:14:39.0382 5108 msiserver - ok 16:14:39.0413 5108 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 16:14:39.0491 5108 MSKSSRV - ok 16:14:39.0538 5108 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 16:14:39.0585 5108 MSPCLOCK - ok 16:14:39.0616 5108 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 16:14:39.0663 5108 MSPQM - ok 16:14:39.0709 5108 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 16:14:39.0725 5108 MsRPC - ok 16:14:39.0741 5108 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 16:14:39.0756 5108 mssmbios - ok 16:14:39.0772 5108 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 16:14:39.0819 5108 MSTEE - ok 16:14:39.0834 5108 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup 
C:\Windows\system32\Drivers\mup.sys 16:14:39.0850 5108 Mup - ok 16:14:39.0881 5108 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll 16:14:39.0943 5108 napagent - ok 16:14:39.0990 5108 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 16:14:40.0006 5108 NativeWifiP - ok 16:14:40.0084 5108 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys 16:14:40.0131 5108 NDIS - ok 16:14:40.0146 5108 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 16:14:40.0177 5108 NdisTapi - ok 16:14:40.0209 5108 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 16:14:40.0240 5108 Ndisuio - ok 16:14:40.0287 5108 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 16:14:40.0333 5108 NdisWan - ok 16:14:40.0333 5108 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 16:14:40.0365 5108 NDProxy - ok 16:14:40.0396 5108 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 16:14:40.0443 5108 NetBIOS - ok 16:14:40.0474 5108 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 16:14:40.0552 5108 netbt - ok 16:14:40.0567 5108 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe 16:14:40.0583 5108 Netlogon - ok 16:14:40.0614 5108 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll 16:14:40.0708 5108 Netman - ok 16:14:40.0739 5108 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll 16:14:40.0801 5108 netprofm - ok 16:14:40.0817 5108 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:14:40.0848 5108 NetTcpPortSharing - ok 16:14:40.0864 5108 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 16:14:40.0895 5108 nfrd960 - 
ok 16:14:40.0911 5108 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll 16:14:40.0957 5108 NlaSvc - ok 16:14:40.0973 5108 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys 16:14:41.0004 5108 Npfs - ok 16:14:41.0020 5108 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll 16:14:41.0067 5108 nsi - ok 16:14:41.0082 5108 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 16:14:41.0145 5108 nsiproxy - ok 16:14:41.0191 5108 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 16:14:41.0269 5108 Ntfs - ok 16:14:41.0285 5108 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys 16:14:41.0347 5108 Null - ok 16:14:41.0581 5108 [ 51BD7EF17F0B525994AD5B3748C8288B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 16:14:41.0940 5108 nvlddmkm - ok 16:14:41.0956 5108 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys 16:14:41.0971 5108 nvraid - ok 16:14:42.0018 5108 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys 16:14:42.0034 5108 nvstor - ok 16:14:42.0065 5108 [ FCE8537BF5D504680212D536A3BFE5E2 ] nvsvc C:\Windows\system32\nvvsvc.exe 16:14:42.0096 5108 nvsvc - ok 16:14:42.0127 5108 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 16:14:42.0143 5108 nv_agp - ok 16:14:42.0159 5108 NwlnkFlt - ok 16:14:42.0159 5108 NwlnkFwd - ok 16:14:42.0268 5108 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 16:14:42.0299 5108 odserv - ok 16:14:42.0346 5108 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 16:14:42.0393 5108 ohci1394 - ok 16:14:42.0424 5108 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:14:42.0471 5108 ose - ok 16:14:42.0502 5108 [ 
9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll 16:14:42.0580 5108 p2pimsvc - ok 16:14:42.0595 5108 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll 16:14:42.0627 5108 p2psvc - ok 16:14:42.0642 5108 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys 16:14:42.0720 5108 Parport - ok 16:14:42.0751 5108 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:14:42.0767 5108 partmgr - ok 16:14:42.0798 5108 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll 16:14:42.0861 5108 PcaSvc - ok 16:14:43.0017 5108 [ 7204F835A4355D1AB2853E57C9FF177C ] PCD5SRVC{8AAF211B-043E02A9-05040000} C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms 16:14:43.0063 5108 PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - warning 16:14:43.0063 5108 PCD5SRVC{8AAF211B-043E02A9-05040000} - detected UnsignedFile.Multi.Generic (1) 16:14:43.0110 5108 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys 16:14:43.0126 5108 pci - ok 16:14:43.0126 5108 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys 16:14:43.0141 5108 pciide - ok 16:14:43.0157 5108 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 16:14:43.0188 5108 pcmcia - ok 16:14:43.0204 5108 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys 16:14:43.0313 5108 PEAUTH - ok 16:14:43.0407 5108 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe 16:14:43.0453 5108 PerfHost - ok 16:14:43.0531 5108 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll 16:14:43.0641 5108 pla - ok 16:14:43.0687 5108 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 16:14:43.0734 5108 PlugPlay - ok 16:14:43.0765 5108 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 16:14:43.0797 5108 PNRPAutoReg - ok 
16:14:55.0500 5108 ================ Scan global ===============================
16:14:55.0531 5108 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
16:14:55.0562 5108 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
16:14:55.0578 5108 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
16:14:55.0609 5108 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
16:14:55.0625 5108 [Global] - ok
16:14:55.0625 5108 ================ Scan MBR ==================================
16:14:55.0625 5108 [ 81CD5EC01DB0CE57EDD853F82462EF27 ] \Device\Harddisk0\DR0
16:14:56.0265 5108 \Device\Harddisk0\DR0 - ok
16:14:56.0268 5108 [ F05261C246CE4B3C544521FFFF7AEF5D ] \Device\Harddisk1\DR1
16:14:58.0361 5108 \Device\Harddisk1\DR1 - ok
16:14:58.0361 5108 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
16:14:58.0922 5108 \Device\Harddisk2\DR2 - ok
16:14:58.0922 5108 ================ Scan VBR ==================================
16:14:58.0922 5108 [ 0195742A65C7EE1BA1E620D5B4B828A5 ] \Device\Harddisk0\DR0\Partition1
16:14:58.0938 5108 \Device\Harddisk0\DR0\Partition1 - ok
16:14:58.0938 5108 [ 56ACAB07268653601D6771A4EAB0DDD3 ] \Device\Harddisk0\DR0\Partition2
16:14:58.0954 5108 \Device\Harddisk0\DR0\Partition2 - ok
16:14:58.0969 5108 [ 3C86E7712B52FA115A1064D2DE77EA04 ] \Device\Harddisk1\DR1\Partition1
16:14:58.0985 5108 \Device\Harddisk1\DR1\Partition1 - ok
16:14:58.0985 5108 [ E3DB6F720B861D8195D942FF069DB3E6 ] \Device\Harddisk2\DR2\Partition1
16:14:59.0000 5108 \Device\Harddisk2\DR2\Partition1 - ok
16:14:59.0000 5108 ============================================================
16:14:59.0000 5108 Scan finished
16:14:59.0000 5108 ============================================================
16:14:59.0000 6000 Detected object count: 3
16:14:59.0000 6000 Actual detected object count: 3
16:15:50.0855 6000 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:15:50.0855 6000 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:15:50.0855 6000 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:15:50.0855 6000 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:15:50.0855 6000 PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - skipped by user
16:15:50.0855 6000 PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:17:04.0939 4812 ============================================================
16:17:04.0939 4812 Scan started
16:17:04.0939 4812 Mode: Manual; SigCheck; TDLFS;
16:17:04.0939 4812 ============================================================
16:17:05.0501 4812 ================ Scan system memory ========================
16:17:05.0501 4812 System memory - ok
16:17:05.0501 4812 ================ Scan services =============================
16:17:05.0579 4812 ACDaemon - ok
16:17:05.0688 4812 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
16:17:05.0719 4812 ACPI - ok
16:17:05.0797 4812 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:17:05.0828 4812 AdobeFlashPlayerUpdateSvc - ok
16:17:05.0844 4812 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:17:05.0875 4812 adp94xx - ok
16:17:05.0891 4812 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:17:05.0922 4812 adpahci - ok
16:17:05.0938 4812 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
16:17:05.0953 4812 adpu160m - ok
16:17:05.0984 4812 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:17:06.0000 4812 adpu320 - ok
16:17:06.0016 4812 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:17:06.0047 4812 AeLookupSvc - ok
16:17:06.0094 4812 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD
hidserv C:\Windows\system32\hidserv.dll 16:17:11.0694 4812 hidserv - ok 16:17:11.0710 4812 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 16:17:11.0741 4812 HidUsb - ok 16:17:11.0756 4812 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll 16:17:11.0803 4812 hkmsvc - ok 16:17:11.0850 4812 [ AA9EF0B395097F24D289F64445B2FD2E ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe 16:17:11.0850 4812 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning 16:17:11.0850 4812 HP Health Check Service - detected UnsignedFile.Multi.Generic (1) 16:17:11.0866 4812 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 16:17:11.0881 4812 HpCISSs - ok 16:17:11.0928 4812 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys 16:17:11.0959 4812 HTTP - ok 16:17:11.0975 4812 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys 16:17:11.0990 4812 i2omp - ok 16:17:11.0990 4812 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 16:17:12.0022 4812 i8042prt - ok 16:17:12.0068 4812 [ 1117AF8C53AA278A4C5B7EF1B00E08F4 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe 16:17:12.0115 4812 IAANTMON - ok 16:17:12.0146 4812 [ 5979854E6FDA990107E3170327022117 ] iaStor C:\Windows\system32\drivers\iastor.sys 16:17:12.0162 4812 iaStor - ok 16:17:12.0193 4812 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 16:17:12.0209 4812 iaStorV - ok 16:17:12.0271 4812 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 16:17:12.0287 4812 IDriverT ( UnsignedFile.Multi.Generic ) - warning 16:17:12.0287 4812 IDriverT - detected UnsignedFile.Multi.Generic (1) 16:17:12.0427 4812 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc 
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 16:17:12.0474 4812 idsvc - ok 16:17:12.0490 4812 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys 16:17:12.0505 4812 iirsp - ok 16:17:12.0521 4812 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll 16:17:12.0568 4812 IKEEXT - ok 16:17:12.0614 4812 [ DC64D46EF8ACE3BD1CEC3A4A61608D4E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 16:17:12.0677 4812 IntcAzAudAddService - ok 16:17:12.0708 4812 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys 16:17:12.0724 4812 intelide - ok 16:17:12.0724 4812 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 16:17:12.0770 4812 intelppm - ok 16:17:12.0786 4812 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 16:17:12.0833 4812 IPBusEnum - ok 16:17:12.0848 4812 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:17:12.0880 4812 IpFilterDriver - ok 16:17:12.0911 4812 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 16:17:12.0926 4812 iphlpsvc - ok 16:17:12.0926 4812 IpInIp - ok 16:17:12.0942 4812 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 16:17:12.0989 4812 IPMIDRV - ok 16:17:13.0004 4812 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 16:17:13.0036 4812 IPNAT - ok 16:17:13.0098 4812 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 16:17:13.0129 4812 iPod Service - ok 16:17:13.0145 4812 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys 16:17:13.0176 4812 IRENUM - ok 16:17:13.0192 4812 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys 16:17:13.0207 4812 isapnp - ok 16:17:13.0238 4812 [ E4FDF99599F27EC25D2CF6D754243520 ] 
iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 16:17:13.0254 4812 iScsiPrt - ok 16:17:13.0270 4812 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 16:17:13.0285 4812 iteatapi - ok 16:17:13.0301 4812 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys 16:17:13.0301 4812 iteraid - ok 16:17:13.0316 4812 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 16:17:13.0332 4812 kbdclass - ok 16:17:13.0363 4812 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 16:17:13.0394 4812 kbdhid - ok 16:17:13.0426 4812 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe 16:17:13.0441 4812 KeyIso - ok 16:17:13.0488 4812 [ E656FE10D6D27794AFA08136685A69E8 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys 16:17:13.0535 4812 KL1 - ok 16:17:13.0550 4812 [ D865DD8B0448E3F963D68C04C532858F ] kl2 C:\Windows\system32\DRIVERS\kl2.sys 16:17:13.0566 4812 kl2 - ok 16:17:13.0597 4812 [ C7D4F357C482DD37E2B05F34093B7B0C ] KLIF C:\Windows\system32\DRIVERS\klif.sys 16:17:13.0628 4812 KLIF - ok 16:17:13.0660 4812 [ 89FB5A33D7171B6D84F5EB721D5055E1 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys 16:17:13.0675 4812 KLIM6 - ok 16:17:13.0675 4812 [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys 16:17:13.0691 4812 klmouflt - ok 16:17:13.0769 4812 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 16:17:13.0800 4812 KSecDD - ok 16:17:13.0800 4812 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 16:17:13.0847 4812 ksthunk - ok 16:17:13.0878 4812 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll 16:17:13.0940 4812 KtmRm - ok 16:17:13.0972 4812 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll 16:17:13.0987 4812 LanmanServer - ok 16:17:14.0018 4812 [ CAF86FC1388BE1E470F1A7B43E348ADB ] 
LanmanWorkstation C:\Windows\System32\wkssvc.dll 16:17:14.0034 4812 LanmanWorkstation - ok 16:17:14.0050 4812 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 16:17:14.0096 4812 lltdio - ok 16:17:14.0112 4812 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll 16:17:14.0159 4812 lltdsvc - ok 16:17:14.0174 4812 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll 16:17:14.0206 4812 lmhosts - ok 16:17:14.0221 4812 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 16:17:14.0237 4812 LSI_FC - ok 16:17:14.0252 4812 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 16:17:14.0268 4812 LSI_SAS - ok 16:17:14.0284 4812 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 16:17:14.0315 4812 LSI_SCSI - ok 16:17:14.0330 4812 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys 16:17:14.0362 4812 luafv - ok 16:17:14.0362 4812 LVcKap64 - ok 16:17:14.0377 4812 LVPr2M64 - ok 16:17:14.0377 4812 LVRS64 - ok 16:17:14.0377 4812 LVUSBS64 - ok 16:17:14.0502 4812 [ 5747BC465ABEA2858C5D037252AED84E ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys 16:17:14.0674 4812 LVUVC64 - ok 16:17:14.0720 4812 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 16:17:14.0736 4812 MBAMProtector - ok 16:17:14.0783 4812 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 16:17:14.0830 4812 MBAMScheduler - ok 16:17:14.0861 4812 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 16:17:14.0892 4812 MBAMService - ok 16:17:14.0908 4812 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 16:17:14.0923 4812 Mcx2Svc - ok 16:17:14.0939 4812 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas 
C:\Windows\system32\drivers\megasas.sys 16:17:14.0954 4812 megasas - ok 16:17:14.0986 4812 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys 16:17:15.0017 4812 MegaSR - ok 16:17:15.0048 4812 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll 16:17:15.0079 4812 MMCSS - ok 16:17:15.0095 4812 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys 16:17:15.0142 4812 Modem - ok 16:17:15.0142 4812 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 16:17:15.0188 4812 monitor - ok 16:17:15.0188 4812 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 16:17:15.0204 4812 mouclass - ok 16:17:15.0220 4812 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 16:17:15.0251 4812 mouhid - ok 16:17:15.0266 4812 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 16:17:15.0282 4812 MountMgr - ok 16:17:15.0313 4812 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys 16:17:15.0329 4812 mpio - ok 16:17:15.0360 4812 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 16:17:15.0376 4812 mpsdrv - ok 16:17:15.0422 4812 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll 16:17:15.0469 4812 MpsSvc - ok 16:17:15.0500 4812 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 16:17:15.0516 4812 Mraid35x - ok 16:17:15.0532 4812 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 16:17:15.0547 4812 MRxDAV - ok 16:17:15.0578 4812 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 16:17:15.0594 4812 mrxsmb - ok 16:17:15.0641 4812 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:17:15.0656 4812 mrxsmb10 - ok 16:17:15.0688 4812 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 
C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:17:15.0703 4812 mrxsmb20 - ok 16:17:15.0719 4812 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys 16:17:15.0734 4812 msahci - ok 16:17:15.0734 4812 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys 16:17:15.0750 4812 msdsm - ok 16:17:15.0766 4812 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe 16:17:15.0812 4812 MSDTC - ok 16:17:15.0828 4812 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys 16:17:15.0875 4812 Msfs - ok 16:17:15.0890 4812 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 16:17:15.0906 4812 msisadrv - ok 16:17:15.0937 4812 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 16:17:15.0984 4812 MSiSCSI - ok 16:17:15.0984 4812 msiserver - ok 16:17:16.0015 4812 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 16:17:16.0046 4812 MSKSSRV - ok 16:17:16.0062 4812 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 16:17:16.0093 4812 MSPCLOCK - ok 16:17:16.0109 4812 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 16:17:16.0140 4812 MSPQM - ok 16:17:16.0202 4812 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 16:17:16.0218 4812 MsRPC - ok 16:17:16.0249 4812 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 16:17:16.0249 4812 mssmbios - ok 16:17:16.0265 4812 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 16:17:16.0312 4812 MSTEE - ok 16:17:16.0312 4812 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys 16:17:16.0327 4812 Mup - ok 16:17:16.0343 4812 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll 16:17:16.0390 4812 napagent - ok 16:17:16.0421 4812 [ 
2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 16:17:16.0452 4812 NativeWifiP - ok 16:17:16.0468 4812 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys 16:17:16.0530 4812 NDIS - ok 16:17:16.0546 4812 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 16:17:16.0561 4812 NdisTapi - ok 16:17:16.0592 4812 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 16:17:16.0624 4812 Ndisuio - ok 16:17:16.0670 4812 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 16:17:16.0702 4812 NdisWan - ok 16:17:16.0702 4812 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 16:17:16.0733 4812 NDProxy - ok 16:17:16.0748 4812 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 16:17:16.0780 4812 NetBIOS - ok 16:17:16.0795 4812 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 16:17:16.0826 4812 netbt - ok 16:17:16.0842 4812 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe 16:17:16.0858 4812 Netlogon - ok 16:17:16.0889 4812 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll 16:17:16.0936 4812 Netman - ok 16:17:16.0951 4812 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll 16:17:16.0998 4812 netprofm - ok 16:17:17.0029 4812 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:17:17.0045 4812 NetTcpPortSharing - ok 16:17:17.0076 4812 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 16:17:17.0092 4812 nfrd960 - ok 16:17:17.0107 4812 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll 16:17:17.0138 4812 NlaSvc - ok 16:17:17.0154 4812 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs 
C:\Windows\system32\drivers\Npfs.sys 16:17:17.0185 4812 Npfs - ok 16:17:17.0201 4812 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll 16:17:17.0232 4812 nsi - ok 16:17:17.0248 4812 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 16:17:17.0279 4812 nsiproxy - ok 16:17:17.0326 4812 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 16:17:17.0404 4812 Ntfs - ok 16:17:17.0419 4812 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys 16:17:17.0466 4812 Null - ok 16:17:17.0669 4812 [ 51BD7EF17F0B525994AD5B3748C8288B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 16:17:17.0981 4812 nvlddmkm - ok 16:17:18.0012 4812 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys 16:17:18.0028 4812 nvraid - ok 16:17:18.0059 4812 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys 16:17:18.0074 4812 nvstor - ok 16:17:18.0106 4812 [ FCE8537BF5D504680212D536A3BFE5E2 ] nvsvc C:\Windows\system32\nvvsvc.exe 16:17:18.0137 4812 nvsvc - ok 16:17:18.0168 4812 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 16:17:18.0184 4812 nv_agp - ok 16:17:18.0184 4812 NwlnkFlt - ok 16:17:18.0184 4812 NwlnkFwd - ok 16:17:18.0262 4812 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 16:17:18.0293 4812 odserv - ok 16:17:18.0308 4812 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 16:17:18.0340 4812 ohci1394 - ok 16:17:18.0355 4812 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:17:18.0371 4812 ose - ok 16:17:18.0418 4812 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll 16:17:18.0449 4812 p2pimsvc - ok 16:17:18.0464 4812 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll 
16:17:18.0496 4812 p2psvc - ok 16:17:18.0496 4812 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys 16:17:18.0558 4812 Parport - ok 16:17:18.0605 4812 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:17:18.0620 4812 partmgr - ok 16:17:18.0636 4812 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll 16:17:18.0667 4812 PcaSvc - ok 16:17:18.0761 4812 [ 7204F835A4355D1AB2853E57C9FF177C ] PCD5SRVC{8AAF211B-043E02A9-05040000} C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms 16:17:18.0761 4812 PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - warning 16:17:18.0761 4812 PCD5SRVC{8AAF211B-043E02A9-05040000} - detected UnsignedFile.Multi.Generic (1) 16:17:18.0792 4812 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys 16:17:18.0808 4812 pci - ok 16:17:18.0823 4812 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys 16:17:18.0839 4812 pciide - ok 16:17:18.0854 4812 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 16:17:18.0870 4812 pcmcia - ok 16:17:18.0886 4812 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys 16:17:18.0964 4812 PEAUTH - ok 16:17:19.0042 4812 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe 16:17:19.0073 4812 PerfHost - ok 16:17:19.0120 4812 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll 16:17:19.0182 4812 pla - ok 16:17:19.0213 4812 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 16:17:19.0244 4812 PlugPlay - ok 16:17:19.0291 4812 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 16:17:19.0322 4812 PNRPAutoReg - ok 16:17:19.0338 4812 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll 16:17:19.0369 4812 PNRPsvc - ok 16:17:19.0385 4812 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent 
C:\Windows\System32\ipsecsvc.dll 16:17:19.0432 4812 PolicyAgent - ok 16:17:19.0463 4812 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 16:17:19.0494 4812 PptpMiniport - ok 16:17:19.0510 4812 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys 16:17:19.0541 4812 Processor - ok 16:17:19.0572 4812 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll 16:17:19.0603 4812 ProfSvc - ok 16:17:19.0634 4812 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe 16:17:19.0650 4812 ProtectedStorage - ok 16:17:19.0681 4812 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 16:17:19.0712 4812 PSched - ok 16:17:19.0728 4812 [ 05F46042208E515B9C240AAFC54E7AA2 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 16:17:19.0744 4812 PxHlpa64 - ok 16:17:19.0775 4812 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys 16:17:19.0822 4812 ql2300 - ok 16:17:19.0853 4812 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 16:17:19.0868 4812 ql40xx - ok 16:17:19.0884 4812 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll 16:17:19.0900 4812 QWAVE - ok 16:17:19.0915 4812 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 16:17:19.0931 4812 QWAVEdrv - ok 16:17:19.0946 4812 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 16:17:19.0978 4812 RasAcd - ok 16:17:19.0993 4812 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll 16:17:20.0040 4812 RasAuto - ok 16:17:20.0056 4812 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 16:17:20.0087 4812 Rasl2tp - ok 16:17:20.0102 4812 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll 16:17:20.0134 4812 RasMan - ok 16:17:20.0165 4812 [ 
4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 16:17:20.0196 4812 RasPppoe - ok 16:17:20.0227 4812 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 16:17:20.0243 4812 RasSstp - ok 16:17:20.0258 4812 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 16:17:20.0290 4812 rdbss - ok 16:17:20.0305 4812 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 16:17:20.0336 4812 RDPCDD - ok 16:17:20.0368 4812 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 16:17:20.0399 4812 rdpdr - ok 16:17:20.0414 4812 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 16:17:20.0446 4812 RDPENCDD - ok 16:17:20.0492 4812 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:17:20.0508 4812 RDPWD - ok 16:17:20.0539 4812 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll 16:17:20.0570 4812 RemoteAccess - ok 16:17:20.0602 4812 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:17:20.0633 4812 RemoteRegistry - ok 16:17:20.0648 4812 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe 16:17:20.0664 4812 RpcLocator - ok 16:17:20.0695 4812 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll 16:17:20.0742 4812 RpcSs - ok 16:17:20.0758 4812 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:17:20.0804 4812 rspndr - ok 16:17:20.0836 4812 [ 8B91737DA75ADD21CB1554B38089196A ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys 16:17:20.0851 4812 RTL8169 - ok 16:17:20.0867 4812 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe 16:17:20.0882 4812 SamSs - ok 16:17:20.0898 4812 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 16:17:20.0914 4812 sbp2port - ok 16:17:20.0929 4812 [ 
FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:17:20.0960 4812 SCardSvr - ok 16:17:21.0007 4812 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll 16:17:21.0038 4812 Schedule - ok 16:17:21.0070 4812 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll 16:17:21.0101 4812 SCPolicySvc - ok 16:17:21.0132 4812 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:17:21.0148 4812 SDRSVC - ok 16:17:21.0163 4812 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:17:21.0210 4812 secdrv - ok 16:17:21.0226 4812 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll 16:17:21.0257 4812 seclogon - ok 16:17:21.0272 4812 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll 16:17:21.0304 4812 SENS - ok 16:17:21.0335 4812 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys 16:17:21.0382 4812 Serenum - ok 16:17:21.0397 4812 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys 16:17:21.0460 4812 Serial - ok 16:17:21.0475 4812 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys 16:17:21.0506 4812 sermouse - ok 16:17:21.0538 4812 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll 16:17:21.0569 4812 SessionEnv - ok 16:17:21.0584 4812 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 16:17:21.0616 4812 sffdisk - ok 16:17:21.0631 4812 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 16:17:21.0678 4812 sffp_mmc - ok 16:17:21.0694 4812 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 16:17:21.0725 4812 sffp_sd - ok 16:17:21.0740 4812 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 16:17:21.0803 4812 sfloppy - ok 16:17:21.0850 4812 [ 
4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:17:21.0881 4812 SharedAccess - ok 16:17:21.0959 4812 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:17:21.0974 4812 ShellHWDetection - ok 16:17:21.0990 4812 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 16:17:22.0006 4812 SiSRaid2 - ok 16:17:22.0021 4812 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 16:17:22.0037 4812 SiSRaid4 - ok 16:17:22.0099 4812 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe 16:17:22.0177 4812 slsvc - ok 16:17:22.0193 4812 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll 16:17:22.0224 4812 SLUINotify - ok 16:17:22.0255 4812 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys 16:17:22.0286 4812 Smb - ok 16:17:22.0318 4812 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:17:22.0333 4812 SNMPTRAP - ok 16:17:22.0364 4812 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys 16:17:22.0380 4812 spldr - ok 16:17:22.0427 4812 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe 16:17:22.0442 4812 Spooler - ok 16:17:22.0520 4812 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys 16:17:22.0567 4812 srv - ok 16:17:22.0598 4812 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:17:22.0614 4812 srv2 - ok 16:17:22.0630 4812 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:17:22.0645 4812 srvnet - ok 16:17:22.0692 4812 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:17:22.0723 4812 SSDPSRV - ok 16:17:22.0739 4812 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:17:22.0754 4812 SstpSvc - ok 16:17:22.0786 4812 [ 
15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll 16:17:22.0817 4812 stisvc - ok 16:17:22.0848 4812 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys 16:17:22.0864 4812 swenum - ok 16:17:22.0895 4812 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll 16:17:22.0942 4812 swprv - ok 16:17:22.0957 4812 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 16:17:22.0973 4812 Symc8xx - ok 16:17:22.0988 4812 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 16:17:23.0004 4812 Sym_hi - ok 16:17:23.0035 4812 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 16:17:23.0051 4812 Sym_u3 - ok 16:17:23.0082 4812 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll 16:17:23.0144 4812 SysMain - ok 16:17:23.0160 4812 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll 16:17:23.0176 4812 TabletInputService - ok 16:17:23.0207 4812 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll 16:17:23.0238 4812 TapiSrv - ok 16:17:23.0254 4812 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll 16:17:23.0285 4812 TBS - ok 16:17:23.0363 4812 [ 0E970F59D7FBB838316176B19A2ADB82 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:17:23.0410 4812 Tcpip - ok 16:17:23.0425 4812 [ 0E970F59D7FBB838316176B19A2ADB82 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 16:17:23.0488 4812 Tcpip6 - ok 16:17:23.0519 4812 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:17:23.0534 4812 tcpipreg - ok 16:17:23.0550 4812 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:17:23.0597 4812 TDPIPE - ok 16:17:23.0612 4812 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:17:23.0644 4812 TDTCP - ok 16:17:23.0659 4812 [ 
458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:17:23.0690 4812 tdx - ok 16:17:23.0722 4812 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 16:17:23.0737 4812 TermDD - ok 16:17:23.0753 4812 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll 16:17:23.0815 4812 TermService - ok 16:17:23.0846 4812 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll 16:17:23.0862 4812 Themes - ok 16:17:23.0893 4812 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll 16:17:23.0940 4812 THREADORDER - ok 16:17:23.0956 4812 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll 16:17:24.0002 4812 TrkWks - ok 16:17:24.0049 4812 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:17:24.0080 4812 TrustedInstaller - ok 16:17:24.0096 4812 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:17:24.0127 4812 tssecsrv - ok 16:17:24.0143 4812 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 16:17:24.0158 4812 tunmp - ok 16:17:24.0190 4812 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:17:24.0205 4812 tunnel - ok 16:17:24.0221 4812 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 16:17:24.0236 4812 uagp35 - ok 16:17:24.0252 4812 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:17:24.0283 4812 udfs - ok 16:17:24.0299 4812 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:17:24.0346 4812 UI0Detect - ok 16:17:24.0361 4812 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:17:24.0377 4812 uliagpkx - ok 16:17:24.0392 4812 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys 16:17:24.0408 4812 uliahci - ok 16:17:24.0424 
4812 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys 16:17:24.0439 4812 UlSata - ok 16:17:24.0470 4812 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 16:17:24.0486 4812 ulsata2 - ok 16:17:24.0502 4812 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 16:17:24.0533 4812 umbus - ok 16:17:24.0564 4812 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll 16:17:24.0611 4812 upnphost - ok 16:17:24.0673 4812 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 16:17:24.0689 4812 USBAAPL64 - ok 16:17:24.0720 4812 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 16:17:24.0751 4812 usbaudio - ok 16:17:24.0767 4812 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 16:17:24.0798 4812 usbccgp - ok 16:17:24.0814 4812 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys 16:17:24.0860 4812 usbcir - ok 16:17:24.0892 4812 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 16:17:24.0923 4812 usbehci - ok 16:17:24.0923 4812 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 16:17:24.0954 4812 usbhub - ok 16:17:24.0970 4812 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys 16:17:25.0032 4812 usbohci - ok 16:17:25.0063 4812 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 16:17:25.0094 4812 usbprint - ok 16:17:25.0126 4812 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 16:17:25.0157 4812 usbscan - ok 16:17:25.0188 4812 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:17:25.0204 4812 USBSTOR - ok 16:17:25.0219 4812 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 16:17:25.0250 
4812 usbuhci - ok 16:17:31.0704 4812 ============================================================ 16:17:31.0704 4812 Scan finished 16:17:31.0704 4812 ============================================================ 16:17:31.0719 5196 Detected object count: 3 16:17:31.0719 5196 Actual detected object count: 3 16:17:34.0496 5196 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user 16:17:34.0496 5196 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:17:34.0512 5196 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 16:17:34.0512 5196 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:17:34.0512 5196 PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - skipped by user 16:17:34.0512 5196 PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:17:44.0371 4748 Deinitialize success |
23.03.2013, 19:10 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove Heur:Exploit.java.cve-2012-1723.gen Then please run ComboFix now: Scan with ComboFix |
23.03.2013, 21:32 | #22 |
| Remove Heur:Exploit.java.cve-2012-1723.gen Code:
ATTFilter ComboFix 13-03-23.01 - Ron 23.03.2013 21:06:18.1.4 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.6142.3671 [GMT 1:00] ausgeführt von:: c:\users\Ron\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984} FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF} SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\IsUn0407.exe H:\Autorun.inf . . ((((((((((((((((((((((( Dateien erstellt von 2013-02-23 bis 2013-03-23 )))))))))))))))))))))))))))))) . . 2013-03-23 20:03 . 2013-03-23 20:04 -------- d-----w- C:\32788R22FWJFW 2013-03-22 19:17 . 2013-03-22 19:17 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-03-22 19:16 . 2013-03-22 19:16 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-20 19:54 . 2013-02-12 02:18 19456 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-19 05:58 . 2013-03-19 05:58 -------- d-----w- c:\program files (x86)\7-Zip 2013-03-17 11:45 . 2013-03-17 11:45 -------- d-----w- c:\users\Ron\AppData\Roaming\Malwarebytes 2013-03-17 11:45 . 2013-03-17 11:45 -------- d-----w- c:\programdata\Malwarebytes 2013-03-17 11:45 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-17 11:45 . 2013-03-17 11:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-03-14 06:10 . 2013-02-02 06:51 887808 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2013-03-14 06:10 . 2013-02-02 07:31 17815040 ----a-w- c:\windows\system32\mshtml.dll 2013-03-14 06:10 . 2013-02-02 06:58 10925568 ----a-w- c:\windows\system32\ieframe.dll . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-22 19:16 . 2012-05-05 13:21 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-03-22 19:16 . 2010-05-05 12:19 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-14 06:12 . 2006-11-02 12:35 72013344 ----a-w- c:\windows\system32\mrt.exe 2013-03-13 17:25 . 2012-07-05 17:40 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-13 17:25 . 2012-02-18 10:36 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-05 05:37 . 2013-02-14 17:01 4695400 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-04 11:31 . 2013-02-14 17:08 1423720 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-01-04 01:59 . 2013-02-14 17:06 2773504 ----a-w- c:\windows\system32\win32k.sys 2010-01-04 14:43 . 2010-01-06 21:00 152848 ----a-w- c:\program files (x86)\Common Files\Comdlg32.ocx . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216] "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776] "avp"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-31 206448] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 65337534 *NewlyCreated* - ASWMBR *Deregistered* - 65337534 *Deregistered* - aswMBR . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes ezSharedSvc . Inhalt des "geplante Tasks" Ordners . 2013-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 17:25] . 2009-08-05 c:\windows\Tasks\PCDRScheduledMaintenance.job - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-11-05 18:26] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 2114376] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\pqanxrtx.default\ FF - ExtSQL: !HIDDEN! 2009-08-07 06:26; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - ExtSQL: !HIDDEN! 2012-02-21 16:48; linkfilter@kaspersky.ru; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\program files (x86)\softonic-de3\tbsoft.dll BHO-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\program files (x86)\softonic-de3\tbsoft.dll Toolbar-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\program files (x86)\softonic-de3\tbsoft.dll SafeBoot-WudfPf SafeBoot-WudfRd WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file) HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-Free YouTube Download_is1 - c:\program files (x86)\DVDVideoSoft\Free YouTube Download\unins000.exe AddRemove-pywin32-py2.6 - c:\program files (x86)\Python\Removepywin32.exe AddRemove-sp43204 - c:\hp\Softpaq\sp43204\sp43204.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{8AAF211B-043E02A9-05040000}] "ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC_x64.pkms" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}] "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl" .
Zeit der Fertigstellung: 2013-03-23 21:26:22 ComboFix-quarantined-files.txt 2013-03-23 20:26 . Vor Suchlauf: 7 Verzeichnis(se), 407.316.873.216 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 410.835.632.128 Bytes frei . - - End Of File - - 846A14F09BA07FAEFB1862A899751F20 |
24.03.2013, 13:24 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove Heur:Exploit.java.cve-2012-1723.gen JRT - Junkware Removal Tool Please close your security software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
24.03.2013, 17:40 | #24 |
| Remove Heur:Exploit.java.cve-2012-1723.gen Hello Cosinus! My computer is already noticeably faster! Unfortunately I won't get around to carrying out your instructions until next week! Amazing that you guys exist! |
24.03.2013, 17:50 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove Heur:Exploit.java.cve-2012-1723.gen OK, but one request: skip interjections like this; post only when there are problems or when you have the logs (and then post them in CODE tags)
__________________ Please always post log files in CODE tags |
31.03.2013, 16:59 | #26 |
| Remove Heur:Exploit.java.cve-2012-1723.gen Code:
ATTFilter Services ~~~ Registry Values Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Default_Page_URL ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_local_machine\software\conduit Successfully deleted: [Registry Key] hkey_current_user\software\softonic Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetup.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2431245 Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} ~~~ Files Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk" ~~~ Folders Successfully deleted: [Folder] "C:\Users\Ron\AppData\Roaming\dvdvideosoftiehelpers" Successfully deleted: [Folder] "C:\Users\Ron\appdata\locallow\conduit" Successfully deleted: [Folder] "C:\Program Files (x86)\conduit" ~~~ FireFox Successfully deleted: [Folder] C:\Users\Ron\AppData\Roaming\mozilla\firefox\profiles\pqanxrtx.default\extensions\{acaa314b-eeba-48e4-ad47-84e31c44796c} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 31.03.2013 at 17:08:41,29 End of JRT log Code:
ATTFilter AdwCleaner v2.115 - Datei am 31/03/2013 um 17:21:41 erstellt # Aktualisiert am 17/03/2013 von Xplode # Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits) # Benutzer : Ron - RON-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Ron\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Gelöscht mit Neustart : C:\Users\Ron\AppData\LocalLow\softonic-de3 ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\softonic-de3 Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B5A150D7-2D93-4F3A-9E75-C30A13264239} Schlüssel Gelöscht : HKLM\Software\softonic-de3 Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B5A150D7-2D93-4F3A-9E75-C30A13264239} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16470 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v11.0 (de) Datei : C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\pqanxrtx.default\prefs.js [OK] Die Datei ist sauber. 
************************* AdwCleaner[S1].txt - [2064 octets] - [31/03/2013 17:21:41] ########## EOF - C:\AdwCleaner[S1].txt - [2124 octets] ########## Code:
ATTFilter OTL Extras logfile created on: 31.03.2013 17:31:32 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ron\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,27 Gb Available Physical Memory | 71,18% Memory free 12,11 Gb Paging File | 10,21 Gb Available in Paging File | 84,33% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 582,33 Gb Total Space | 380,55 Gb Free Space | 65,35% Space Free | Partition Type: NTFS Drive D: | 13,84 Gb Total Space | 1,54 Gb Free Space | 11,12% Space Free | Partition Type: NTFS Drive E: | 596,17 Gb Total Space | 591,92 Gb Free Space | 99,29% Space Free | Partition Type: NTFS Drive H: | 931,51 Gb Total Space | 762,96 Gb Free Space | 81,91% Space Free | Partition Type: NTFS Computer Name: RON-PC | User Name: Ron | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = B1 C4 FB C5 25 4B CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 
1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0717930C-1A31-49A0-ADAC-93CAC8CFD9A8}" = protocol=17 | dir=in | 
app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{0FAE24B0-A1F5-45FC-B391-D7CF7664FAC7}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | "{1C632877-3F4A-4733-9395-2AE570A1E0EE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{230CE759-79A9-4A6C-9748-256BD3F8DF3D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | "{28079C2F-EF06-4EAC-8EFE-6020A4E7DC92}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | "{35E318B8-D6C5-4651-B300-0291A29DC4FD}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | "{500CCE24-F335-48F6-9310-5C4F781E6C3E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | "{559010AB-F5FD-412B-A3E1-B6D2B11B5EF1}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | "{5AB752FD-793A-41FA-92ED-F912787F823B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{5B083104-6E0C-4E44-94A3-7BC87B7BC9F0}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | "{5D0D07D5-0D32-42D3-971F-F2899F18427F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | "{6101F6D8-16E7-4D99-9069-3E557D5CBC8D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | "{6FBAF1A4-AE74-4D71-A094-500E3324085A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | "{76934180-85CD-41A9-AAA9-6101E0537F1E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{8412133C-24C1-41F1-88AC-97AE2A5F4309}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{8AC5445A-D573-4451-9D7E-510D31D5A2D7}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | "{8B915CB9-0F64-4A76-B86E-41C0C73B1FC9}" = dir=in | 
app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | "{A2D601EB-9907-4430-8A4C-327617A498E4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | "{A3903AC9-7CBC-4F9A-99B4-A6F7F6625DD1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | "{A56E82B7-7534-4C28-A661-9437CA3A2DEB}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "{A67895BD-FC71-4304-8D00-9FEC3E6DBDE6}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | "{BA9EC296-8434-4583-ACAB-0E78C783702F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe | "{D210E0E9-0842-4E57-9C6C-125817393DD2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | "{E2AF6A57-7368-4E71-BC19-753A73C59DAB}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "{F6F33C65-D2EB-4507-9026-AFFCBD8A8C22}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FBA5DADC-977F-413A-ACC5-02431B352C15}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | "{FC99AE03-D292-48F7-BB91-477CDCDECF79}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe | "TCP Query User{1D7890CB-F2C2-43FD-9D91-710546164C45}C:\program files (x86)\napster\napster.exe" = protocol=6 | dir=in | app=c:\program files (x86)\napster\napster.exe | "UDP Query User{0BD0618D-6611-423F-9FE6-22B200E02915}C:\program files (x86)\napster\napster.exe" = protocol=17 | dir=in | app=c:\program files (x86)\napster\napster.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) 
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE42CFF5-F477-D440-6CFB-6CBAE0008B91}" = AMD Catalyst Install Manager "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET 
Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "PC-Doctor for Windows" = Hardware Diagnose Tools "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library "{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{0D4D67AB-C830-1787-5868-7EB8CDE396FD}" = Catalyst Control Center InstallProxy "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{16FD907B-FA72-4F3C-B959-E076C8238F80}" = Napster Label Creator "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter "{18613ADB-2125-4C71-BBD7-D56136683509}" = MAGIX Audio Cleaning Lab 17 deluxe "{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP 
Active Support Library "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter "{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - 
x86 9.0.30729.6161 "{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1 "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster "{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}" = muvee Reveal "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{E1591139-8B44-411B-A81B-D35F83A0565A}" = HP Customer Experience Enhancements "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{EBE030DD-D404-4D92-85E9-8C3624820808}_is1" = Light Image Resizer 4.0.6.8 "{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{FF34AF1C-705B-424A-A850-1A1F61D6EB71}" = MAGIX Speed 2 (MSI) "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 9.20 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Canon MP630 series Benutzerregistrierung" = Canon MP630 series Benutzerregistrierung "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "ElsterFormular" = ElsterFormular "FormatFactory" = FormatFactory 2.50 "Free YouTube Download_is1" = Free YouTube Download 2.9 "HOMESTUDENTR" = Microsoft Office Home and Student 
2007 "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "Logitech Vid" = Logitech Vid HD "MAGIX_MSI_mclab_17dlx" = MAGIX Audio Cleaning Lab 17 deluxe "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "MyMDb_0" = MyMDb 3.6 "pywin32-py2.6" = Python 2.6 pywin32-212 "sp43204" = sp43204 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 31.03.2013 11:25:03 | Computer Name = Ron-PC | Source = WinMgmt | ID = 10 Description = Error - 31.03.2013 11:28:49 | Computer Name = Ron-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Ron\Downloads\SoftonicDownloader_fuer_free-youtube-download.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. [ System Events ] Error - 31.03.2013 11:25:04 | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7026 Description = < End of report > OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 31.03.2013 17:31:32 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ron\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,27 Gb Available Physical Memory | 71,18% Memory free
12,11 Gb Paging File | 10,21 Gb Available in Paging File | 84,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,33 Gb Total Space | 380,55 Gb Free Space | 65,35% Space Free | Partition Type: NTFS
Drive D: | 13,84 Gb Total Space | 1,54 Gb Free Space | 11,12% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 591,92 Gb Free Space | 99,29% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 762,96 Gb Free Space | 81,91% Space Free | Partition Type: NTFS

Computer Name: RON-PC | User Name: Ron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
x86 9.0.30729.6161 "{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1 "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster "{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}" = muvee Reveal "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{E1591139-8B44-411B-A81B-D35F83A0565A}" = HP Customer Experience Enhancements "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{EBE030DD-D404-4D92-85E9-8C3624820808}_is1" = Light Image Resizer 4.0.6.8 "{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{FF34AF1C-705B-424A-A850-1A1F61D6EB71}" = MAGIX Speed 2 (MSI) "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 9.20 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Canon MP630 series Benutzerregistrierung" = Canon MP630 series Benutzerregistrierung "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "ElsterFormular" = ElsterFormular "FormatFactory" = FormatFactory 2.50 "Free YouTube Download_is1" = Free YouTube Download 2.9 "HOMESTUDENTR" = Microsoft Office Home and Student 
2007 "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "Logitech Vid" = Logitech Vid HD "MAGIX_MSI_mclab_17dlx" = MAGIX Audio Cleaning Lab 17 deluxe "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "MyMDb_0" = MyMDb 3.6 "pywin32-py2.6" = Python 2.6 pywin32-212 "sp43204" = sp43204

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 31.03.2013 11:25:03 | Computer Name = Ron-PC | Source = WinMgmt | ID = 10
Description =

Error - 31.03.2013 11:28:49 | Computer Name = Ron-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Ron\Downloads\SoftonicDownloader_fuer_free-youtube-download.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

[ System Events ]
Error - 31.03.2013 11:25:04 | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >

OTL Logfile:
Code:
OTL logfile created on: 31.03.2013 17:31:32 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ron\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,27 Gb Available Physical Memory | 71,18% Memory free
12,11 Gb Paging File | 10,21 Gb Available in Paging File | 84,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,33 Gb Total Space | 380,55 Gb Free Space | 65,35% Space Free | Partition Type: NTFS
Drive D: | 13,84 Gb Total Space | 1,54 Gb Free Space | 11,12% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 591,92 Gb Free Space | 99,29% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 762,96 Gb Free Space | 81,91% Space Free | Partition Type: NTFS

Computer Name: RON-PC | User Name: Ron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Ron\Desktop\OTL (1).exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 
(Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\DRIVERS\klif.sys (Kaspersky Lab) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (vidsflt67) -- C:\Windows\SysNative\DRIVERS\vsflt67.sys (Acronis) DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\DRIVERS\fltsrv.sys (Acronis) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\DRIVERS\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (kl2) -- C:\Windows\SysNative\DRIVERS\kl2.sys (Kaspersky Lab ZAO) DRV:64bit: - (KL1) -- C:\Windows\SysNative\DRIVERS\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\DRIVERS\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation) DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation ) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions) DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.) DRV - (PCD5SRVC{8AAF211B-043E02A9-05040000}) -- C:\Programme\PC-Doctor for Windows\pcd5srvc_x64.pkms (PC-Doctor, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE:64bit: - HKLM\..\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE:64bit: - HKLM\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE - HKLM\..\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}: "URL" = 
hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_de IE - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\..\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}: "URL" = 
hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\..\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: KavAntiBanner@Kaspersky.ru:12.0.1.511 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.463 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.31 20:38:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.31 20:38:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.31 20:38:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.04 20:28:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.06.16 20:33:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ron\AppData\Roaming\mozilla\Extensions [2013.03.31 17:08:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ron\AppData\Roaming\mozilla\Firefox\Profiles\pqanxrtx.default\extensions [2012.03.13 22:59:56 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Ron\AppData\Roaming\mozilla\firefox\profiles\pqanxrtx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013.03.22 21:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.05.05 15:21:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} [2010.06.16 22:32:50 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2012.10.31 20:38:24 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\KAVANTIBANNER@KASPERSKY.RU [2012.04.04 18:22:57 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.03.23 22:23:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - 
C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avp] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - 
C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A613AC85-778E-46D4-AF83-B95366D74E09}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop WallPaper: C:\Users\Ron\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Ron\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.02.14 07:49:00 | 000,000,000 | R--D | M] - H:\autorun -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - 
HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.31 17:28:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ron\Desktop\OTL (1).exe [2013.03.31 16:58:05 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.31 16:57:32 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.31 16:48:43 | 000,550,772 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Ron\Desktop\JRT.exe [2013.03.23 22:44:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.23 22:26:24 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.23 22:26:24 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\temp [2013.03.23 22:04:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.23 22:04:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.23 22:04:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.23 22:04:14 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.23 22:03:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.23 22:03:49 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW [2013.03.23 22:00:13 | 005,043,510 | R--- | C] (Swearware) -- C:\Users\Ron\Desktop\ComboFix.exe [2013.03.23 17:12:14 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ron\Desktop\tdsskiller.exe [2013.03.22 21:17:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.03.22 21:17:16 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.22 21:16:57 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.22 21:16:57 | 000,174,496 | ---- | C] (Oracle Corporation) -- 
C:\Windows\SysWow64\java.exe [2013.03.22 21:16:57 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.21 20:25:37 | 000,000,000 | ---D | C] -- C:\Users\Ron\Desktop\mbar [2013.03.21 20:25:01 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.03.21 20:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.03.20 21:54:10 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.19 07:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.03.19 07:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2013.03.17 13:45:25 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\Malwarebytes [2013.03.17 13:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.17 13:45:19 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.17 13:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.17 13:45:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.14 08:11:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.14 08:11:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.14 08:11:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.14 08:11:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.14 08:11:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.14 08:11:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.14 08:11:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\url.dll [2013.03.14 08:11:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.14 08:11:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.14 08:11:01 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.14 08:11:01 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.14 08:11:01 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.14 08:11:00 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.14 08:11:00 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.14 08:11:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2010.01.06 23:00:28 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Comdlg32.ocx ========== Files - Modified Within 30 Days ========== [2013.03.31 17:30:36 | 001,445,546 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.31 17:30:36 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.31 17:30:36 | 000,596,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.31 17:30:36 | 000,126,486 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.31 17:30:36 | 000,104,110 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.31 17:28:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ron\Desktop\OTL (1).exe [2013.03.31 17:23:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.31 17:23:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.31 17:23:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.31 
17:21:55 | 000,000,110 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.03.31 17:21:13 | 000,609,993 | ---- | M] () -- C:\Users\Ron\Desktop\adwcleaner.exe [2013.03.31 17:18:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.31 16:48:43 | 000,550,772 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Ron\Desktop\JRT.exe [2013.03.23 22:23:15 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.03.23 22:00:43 | 005,043,510 | R--- | M] (Swearware) -- C:\Users\Ron\Desktop\ComboFix.exe [2013.03.23 17:12:18 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ron\Desktop\tdsskiller.exe [2013.03.23 17:10:03 | 000,000,512 | ---- | M] () -- C:\Users\Ron\Desktop\MBR.dat [2013.03.22 21:16:32 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.22 21:16:28 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2013.03.22 21:16:28 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.03.22 21:16:28 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.22 21:16:28 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.22 21:16:28 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.22 00:14:08 | 849,042,064 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.21 20:23:55 | 013,786,977 | ---- | M] () -- C:\Users\Ron\Desktop\mbar-1.01.0.1021.zip [2013.03.21 18:13:09 | 000,020,760 | ---- | M] () -- C:\Users\Ron\Documents\Kasperskylog.7z [2013.03.21 11:37:30 | 000,046,748 | ---- | M] () -- C:\Users\Ron\AppData\Roaming\wklnhst.dat [2013.03.17 13:45:20 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.13 19:25:38 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.13 19:25:38 | 000,073,432 | ---- 
| M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.12 19:41:09 | 000,184,320 | ---- | M] () -- C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2013.03.31 17:21:50 | 000,000,110 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.03.31 17:21:13 | 000,609,993 | ---- | C] () -- C:\Users\Ron\Desktop\adwcleaner.exe [2013.03.23 22:04:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.23 22:04:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.23 22:04:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.23 22:04:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.23 22:04:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.23 17:09:08 | 000,000,512 | ---- | C] () -- C:\Users\Ron\Desktop\MBR.dat [2013.03.21 20:23:37 | 013,786,977 | ---- | C] () -- C:\Users\Ron\Desktop\mbar-1.01.0.1021.zip [2013.03.21 18:13:09 | 000,020,760 | ---- | C] () -- C:\Users\Ron\Documents\Kasperskylog.7z [2013.03.17 13:45:20 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.05 15:37:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.05.05 15:26:17 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.05.01 10:56:29 | 000,001,356 | ---- | C] () -- C:\Users\Ron\AppData\Local\d3d9caps.dat [2011.12.01 17:53:04 | 000,000,000 | ---- | C] () -- C:\ProgramData\Flowers [2011.12.01 17:53:00 | 000,000,000 | ---- | C] () -- C:\ProgramData\Flange Saw [2011.12.01 17:53:00 | 000,000,000 | ---- | C] () -- C:\ProgramData\Electric Piano [2011.12.01 17:09:04 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2011.12.01 17:09:04 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2011.12.01 17:09:04 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2011.12.01 17:09:04 | 000,000,000 | ---- | C] () -- C:\Users\Ron\AppData\Roaming\Folder Actions 
[2011.12.01 17:09:04 | 000,000,000 | ---- | C] () -- C:\Users\Ron\AppData\Roaming\Flowers [2011.12.01 17:09:04 | 000,000,000 | ---- | C] () -- C:\Users\Ron\AppData\Roaming\Flanger [2011.10.16 12:36:28 | 000,017,408 | ---- | C] () -- C:\Users\Ron\AppData\Local\WebpageIcons.db [2011.07.15 22:45:37 | 000,001,460 | ---- | C] () -- C:\Users\Ron\AppData\Local\d3d9caps64.dat [2011.06.25 16:00:17 | 000,000,055 | ---- | C] () -- C:\Users\Ron\AppData\Local\Images.fl [2010.04.27 22:52:03 | 000,184,320 | ---- | C] () -- C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.06 05:37:44 | 000,046,748 | ---- | C] () -- C:\Users\Ron\AppData\Roaming\wklnhst.dat [2009.02.04 21:50:37 | 000,109,881 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.02.04 21:12:38 | 000,109,881 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== ZeroAccess Check ========== [2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = 
C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\SysWow64\wbem\wbemess.dll ========== LOP Check ========== [2012.07.31 11:54:39 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\Acronis [2010.07.18 21:58:01 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\Amazon [2010.07.20 20:24:14 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\Canon [2012.04.16 18:50:21 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\com.Rhapsody.Napster5 [2012.01.09 12:22:30 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\elsterformular [2009.11.07 21:49:28 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\Leadertech [2011.11.08 14:14:09 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\MAGIX [2011.12.01 17:26:54 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\Nikon [2012.10.27 14:29:23 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\ObviousIdea [2009.08.26 20:23:46 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\OpenOffice.org [2012.11.09 10:16:08 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\TeamViewer [2012.09.20 11:04:21 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\Template [2009.10.10 22:43:18 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\WinBatch [2010.12.29 
20:37:54 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\WindSolutions ========== Purity Check ========== < End of report > |
31.03.2013, 17:08 | #27 |
| Remove Heur:Exploit.java.cve-2012-1723.gen OTL Logfile: Code:
ATTFilter
OTL logfile created on: 31.03.2013 17:31:32 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ron\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,27 Gb Available Physical Memory | 71,18% Memory free
12,11 Gb Paging File | 10,21 Gb Available in Paging File | 84,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,33 Gb Total Space | 380,55 Gb Free Space | 65,35% Space Free | Partition Type: NTFS
Drive D: | 13,84 Gb Total Space | 1,54 Gb Free Space | 11,12% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 591,92 Gb Free Space | 99,29% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 762,96 Gb Free Space | 81,91% Space Free | Partition Type: NTFS

Computer Name: RON-PC | User Name: Ron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Ron\Desktop\OTL (1).exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 
(Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\DRIVERS\klif.sys (Kaspersky Lab) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (vidsflt67) -- C:\Windows\SysNative\DRIVERS\vsflt67.sys (Acronis) DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\DRIVERS\fltsrv.sys (Acronis) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\DRIVERS\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (kl2) -- C:\Windows\SysNative\DRIVERS\kl2.sys (Kaspersky Lab ZAO) DRV:64bit: - (KL1) -- C:\Windows\SysNative\DRIVERS\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\DRIVERS\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation) DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation ) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions) DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.) DRV - (PCD5SRVC{8AAF211B-043E02A9-05040000}) -- C:\Programme\PC-Doctor for Windows\pcd5srvc_x64.pkms (PC-Doctor, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE:64bit: - HKLM\..\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE:64bit: - HKLM\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE - HKLM\..\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}: "URL" = 
hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_de IE - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\..\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}: "URL" = 
hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\..\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: KavAntiBanner@Kaspersky.ru:12.0.1.511 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.463 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.31 20:38:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.31 20:38:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.31 20:38:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.04 20:28:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.06.16 20:33:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ron\AppData\Roaming\mozilla\Extensions [2013.03.31 17:08:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ron\AppData\Roaming\mozilla\Firefox\Profiles\pqanxrtx.default\extensions [2012.03.13 22:59:56 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Ron\AppData\Roaming\mozilla\firefox\profiles\pqanxrtx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013.03.22 21:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.05.05 15:21:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} [2010.06.16 22:32:50 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2012.10.31 20:38:24 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\KAVANTIBANNER@KASPERSKY.RU [2012.04.04 18:22:57 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.03.23 22:23:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - 
C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avp] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - 
C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A613AC85-778E-46D4-AF83-B95366D74E09}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop WallPaper: C:\Users\Ron\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Ron\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.02.14 07:49:00 | 000,000,000 | R--D | M] - H:\autorun -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - 
HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.31 17:28:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ron\Desktop\OTL (1).exe [2013.03.31 16:58:05 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.31 16:57:32 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.31 16:48:43 | 000,550,772 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Ron\Desktop\JRT.exe [2013.03.23 22:44:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.23 22:26:24 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.23 22:26:24 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\temp [2013.03.23 22:04:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.23 22:04:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.23 22:04:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.23 22:04:14 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.23 22:03:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.23 22:03:49 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW [2013.03.23 22:00:13 | 005,043,510 | R--- | C] (Swearware) -- C:\Users\Ron\Desktop\ComboFix.exe [2013.03.23 17:12:14 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ron\Desktop\tdsskiller.exe [2013.03.22 21:17:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.03.22 21:17:16 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.22 21:16:57 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.22 21:16:57 | 000,174,496 | ---- | C] (Oracle Corporation) -- 
C:\Windows\SysWow64\java.exe [2013.03.22 21:16:57 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.21 20:25:37 | 000,000,000 | ---D | C] -- C:\Users\Ron\Desktop\mbar [2013.03.21 20:25:01 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.03.21 20:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.03.20 21:54:10 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.19 07:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.03.19 07:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2013.03.17 13:45:25 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\Malwarebytes [2013.03.17 13:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.17 13:45:19 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.17 13:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.17 13:45:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.14 08:11:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.14 08:11:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.14 08:11:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.14 08:11:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.14 08:11:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.14 08:11:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.14 08:11:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\url.dll [2013.03.14 08:11:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.14 08:11:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.14 08:11:01 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.14 08:11:01 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.14 08:11:01 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.14 08:11:00 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.14 08:11:00 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.14 08:11:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2010.01.06 23:00:28 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Comdlg32.ocx ========== Files - Modified Within 30 Days ========== [2013.03.31 17:30:36 | 001,445,546 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.31 17:30:36 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.31 17:30:36 | 000,596,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.31 17:30:36 | 000,126,486 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.31 17:30:36 | 000,104,110 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.31 17:28:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ron\Desktop\OTL (1).exe [2013.03.31 17:23:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.31 17:23:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.31 17:23:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.31 
17:21:55 | 000,000,110 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.03.31 17:21:13 | 000,609,993 | ---- | M] () -- C:\Users\Ron\Desktop\adwcleaner.exe [2013.03.31 17:18:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.31 16:48:43 | 000,550,772 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Ron\Desktop\JRT.exe [2013.03.23 22:23:15 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.03.23 22:00:43 | 005,043,510 | R--- | M] (Swearware) -- C:\Users\Ron\Desktop\ComboFix.exe [2013.03.23 17:12:18 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ron\Desktop\tdsskiller.exe [2013.03.23 17:10:03 | 000,000,512 | ---- | M] () -- C:\Users\Ron\Desktop\MBR.dat [2013.03.22 21:16:32 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.22 21:16:28 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2013.03.22 21:16:28 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.03.22 21:16:28 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.22 21:16:28 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.22 21:16:28 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.22 00:14:08 | 849,042,064 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.21 20:23:55 | 013,786,977 | ---- | M] () -- C:\Users\Ron\Desktop\mbar-1.01.0.1021.zip [2013.03.21 18:13:09 | 000,020,760 | ---- | M] () -- C:\Users\Ron\Documents\Kasperskylog.7z [2013.03.21 11:37:30 | 000,046,748 | ---- | M] () -- C:\Users\Ron\AppData\Roaming\wklnhst.dat [2013.03.17 13:45:20 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.13 19:25:38 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.13 19:25:38 | 000,073,432 | ---- 
| M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.12 19:41:09 | 000,184,320 | ---- | M] () -- C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2013.03.31 17:21:50 | 000,000,110 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.03.31 17:21:13 | 000,609,993 | ---- | C] () -- C:\Users\Ron\Desktop\adwcleaner.exe [2013.03.23 22:04:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.23 22:04:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.23 22:04:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.23 22:04:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.23 22:04:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.23 17:09:08 | 000,000,512 | ---- | C] () -- C:\Users\Ron\Desktop\MBR.dat [2013.03.21 20:23:37 | 013,786,977 | ---- | C] () -- C:\Users\Ron\Desktop\mbar-1.01.0.1021.zip [2013.03.21 18:13:09 | 000,020,760 | ---- | C] () -- C:\Users\Ron\Documents\Kasperskylog.7z [2013.03.17 13:45:20 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.05 15:37:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.05.05 15:26:17 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.05.01 10:56:29 | 000,001,356 | ---- | C] () -- C:\Users\Ron\AppData\Local\d3d9caps.dat [2011.12.01 17:53:04 | 000,000,000 | ---- | C] () -- C:\ProgramData\Flowers [2011.12.01 17:53:00 | 000,000,000 | ---- | C] () -- C:\ProgramData\Flange Saw [2011.12.01 17:53:00 | 000,000,000 | ---- | C] () -- C:\ProgramData\Electric Piano [2011.12.01 17:09:04 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2011.12.01 17:09:04 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2011.12.01 17:09:04 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2011.12.01 17:09:04 | 000,000,000 | ---- | C] () -- C:\Users\Ron\AppData\Roaming\Folder Actions 
[2011.12.01 17:09:04 | 000,000,000 | ---- | C] () -- C:\Users\Ron\AppData\Roaming\Flowers [2011.12.01 17:09:04 | 000,000,000 | ---- | C] () -- C:\Users\Ron\AppData\Roaming\Flanger [2011.10.16 12:36:28 | 000,017,408 | ---- | C] () -- C:\Users\Ron\AppData\Local\WebpageIcons.db [2011.07.15 22:45:37 | 000,001,460 | ---- | C] () -- C:\Users\Ron\AppData\Local\d3d9caps64.dat [2011.06.25 16:00:17 | 000,000,055 | ---- | C] () -- C:\Users\Ron\AppData\Local\Images.fl [2010.04.27 22:52:03 | 000,184,320 | ---- | C] () -- C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.06 05:37:44 | 000,046,748 | ---- | C] () -- C:\Users\Ron\AppData\Roaming\wklnhst.dat [2009.02.04 21:50:37 | 000,109,881 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.02.04 21:12:38 | 000,109,881 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== ZeroAccess Check ========== [2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = 
C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\SysWow64\wbem\wbemess.dll ========== LOP Check ========== [2012.07.31 11:54:39 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\Acronis [2010.07.18 21:58:01 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\Amazon [2010.07.20 20:24:14 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\Canon [2012.04.16 18:50:21 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\com.Rhapsody.Napster5 [2012.01.09 12:22:30 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\elsterformular [2009.11.07 21:49:28 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\Leadertech [2011.11.08 14:14:09 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\MAGIX [2011.12.01 17:26:54 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\Nikon [2012.10.27 14:29:23 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\ObviousIdea [2009.08.26 20:23:46 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\OpenOffice.org [2012.11.09 10:16:08 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\TeamViewer [2012.09.20 11:04:21 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\Template [2009.10.10 22:43:18 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\WinBatch [2010.12.29 
20:37:54 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\WindSolutions ========== Purity Check ========== < End of report >
I have another problem! I have received a cease-and-desist letter for having made something available on "BitTorrent". But I was never knowingly on that site. Can anything be gleaned from the logs or the malware showing that I had a problem with this? Or have you found malware that could have made something like this possible "from outside"? |
01.04.2013, 16:38 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Removing Heur:Exploit.java.cve-2012-1723.gen Who exactly sent you the cease-and-desist letter? And in what form?
__________________ Please always post log files in CODE tags |
01.04.2013, 16:55 | #29 |
| Removing Heur:Exploit.java.cve-2012-1723.gen The well-known law firm Rasch in Hamburg wants 1200 euros! Supposedly I made a music album (Lana Del Rey/Born to Die) available for download on BitTorrent. I have never been on BitTorrent, nor have I taken part in any file-sharing programs. At 3:10 in the morning I am asleep anyway! I thought it had something to do with the malware that we are currently trying to remove from the computer. |
01.04.2013, 23:06 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Removing Heur:Exploit.java.cve-2012-1723.gen So far I don't see anything about torrent in the logs. Do you have any other computers in your house? Is Wi-Fi available? If so, how is it encrypted, and who has access to it? Assuming this accusation is true, the sender of the cease-and-desist letter only knows for now that it came from this internet connection, but not from which computer on this (your) connection.
__________________ Please always post log files in CODE tags |